Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: mark password attribute of aws_iam_user_login_profile as sensitive #39991

Merged
merged 4 commits into from
Nov 4, 2024
Merged

feat: mark password attribute of aws_iam_user_login_profile as sensitive #39991

merged 4 commits into from
Nov 4, 2024

Conversation

stefanfreitag
Copy link
Contributor

Description

As mentioned in #39907 the attribute password of the resource is not marked as sensitive. This implies that its value is displayed e.g. when running a terraform destroy command.

  # aws_iam_user_login_profile.this will be destroyed
  - resource "aws_iam_user_login_profile" "this" {
      - id              = "tf-bugreport-test" -> null
      - password        = "<redacted>" -> null
      - password_length = 20 -> null
      - user            = "tf-bugreport-test" -> null
    }

By marking this attribute as sensitive the output of same command changes to

  # aws_iam_user_login_profile.this will be destroyed
  - resource "aws_iam_user_login_profile" "this" {
      - id              = "tf-bugreport-test" -> null
      - password        = (sensitive value) -> null
      - password_length = 20 -> null
      - user            = "tf-bugreport-test" -> null
    }

The password is no longer displayed.

As part of this pull request I executed the existing tests related to the resource. I did not find any guidance on acceptance tests for this kind of change. If you could point me into a direction it would be great!

Relations

Closes #39907

References

  • n.a.

Output from Acceptance Testing

make testacc TESTS=TestAccIAMUserLoginProfile PKG=iam
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/iam/... -v -count 1 -parallel 5 -run='TestAccIAMUserLoginProfile'  -timeout 360m
2024/11/02 14:09:20 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMUserLoginProfile_basic
=== PAUSE TestAccIAMUserLoginProfile_basic
=== RUN   TestAccIAMUserLoginProfile_keybase
=== PAUSE TestAccIAMUserLoginProfile_keybase
=== RUN   TestAccIAMUserLoginProfile_keybaseDoesntExist
=== PAUSE TestAccIAMUserLoginProfile_keybaseDoesntExist
=== RUN   TestAccIAMUserLoginProfile_notAKey
=== PAUSE TestAccIAMUserLoginProfile_notAKey
=== RUN   TestAccIAMUserLoginProfile_passwordLength
=== PAUSE TestAccIAMUserLoginProfile_passwordLength
=== RUN   TestAccIAMUserLoginProfile_nogpg
=== PAUSE TestAccIAMUserLoginProfile_nogpg
=== RUN   TestAccIAMUserLoginProfile_disappears
=== PAUSE TestAccIAMUserLoginProfile_disappears
=== RUN   TestAccIAMUserLoginProfile_passwordResetRequired
=== PAUSE TestAccIAMUserLoginProfile_passwordResetRequired
=== CONT  TestAccIAMUserLoginProfile_basic
=== CONT  TestAccIAMUserLoginProfile_passwordResetRequired
=== CONT  TestAccIAMUserLoginProfile_passwordLength
=== CONT  TestAccIAMUserLoginProfile_disappears
=== CONT  TestAccIAMUserLoginProfile_notAKey
--- PASS: TestAccIAMUserLoginProfile_notAKey (19.39s)
=== CONT  TestAccIAMUserLoginProfile_keybaseDoesntExist
--- PASS: TestAccIAMUserLoginProfile_keybaseDoesntExist (17.13s)
=== CONT  TestAccIAMUserLoginProfile_keybase
--- PASS: TestAccIAMUserLoginProfile_passwordLength (37.73s)
=== CONT  TestAccIAMUserLoginProfile_nogpg
--- PASS: TestAccIAMUserLoginProfile_disappears (38.60s)
--- PASS: TestAccIAMUserLoginProfile_basic (42.12s)
--- PASS: TestAccIAMUserLoginProfile_passwordResetRequired (42.23s)
--- PASS: TestAccIAMUserLoginProfile_keybase (31.25s)
--- PASS: TestAccIAMUserLoginProfile_nogpg (30.75s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        68.698s

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 2, 2024

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added service/iam Issues and PRs that pertain to the iam service. needs-triage Waiting for first response or review from a maintainer. labels Nov 2, 2024
@stefanfreitag stefanfreitag marked this pull request as ready for review November 2, 2024 14:04
@stefanfreitag stefanfreitag requested a review from a team as a code owner November 2, 2024 14:04
@justinretzolk justinretzolk added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 4, 2024
jar-b
jar-b approved these changes Nov 4, 2024
View reviewed changes
Copy link
Member

@jar-b jar-b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🎉

% make testacc PKG=iam TESTS=TestAccIAMUserLoginProfile_
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMUserLoginProfile_'  -timeout 360m
2024/11/04 10:35:22 Initializing Terraform AWS Provider...

--- PASS: TestAccIAMUserLoginProfile_nogpg (15.71s)
--- PASS: TestAccIAMUserLoginProfile_passwordLength (15.74s)
--- PASS: TestAccIAMUserLoginProfile_keybase (15.75s)
--- PASS: TestAccIAMUserLoginProfile_keybaseDoesntExist (16.48s)
--- PASS: TestAccIAMUserLoginProfile_notAKey (16.51s)
--- PASS: TestAccIAMUserLoginProfile_disappears (23.47s)
--- PASS: TestAccIAMUserLoginProfile_basic (23.47s)
--- PASS: TestAccIAMUserLoginProfile_passwordResetRequired (31.20s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        36.142s

@jar-b
Copy link
Member

jar-b commented Nov 4, 2024

Thanks for your contribution, @stefanfreitag! 👍

@jar-b jar-b merged commit 1cc738f into hashicorp:main Nov 4, 2024
31 checks passed
@github-actions github-actions bot added this to the v5.75.0 milestone Nov 4, 2024
@github-actions GitHub Actions
Copy link

This functionality has been released in v5.75.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jar-b jar-b jar-b approved these changes

Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/iam Issues and PRs that pertain to the iam service.
Projects
None yet
Milestone
v5.75.0
Development

Successfully merging this pull request may close these issues.

[Bug]: aws_iam_user_login_profile password should be marked as sensitive
3 participants
@stefanfreitag @jar-b @justinretzolk